Biometric security has grown in importance and includes many technical approaches. Biometrics refers to authentication techniques that rely on measurable physiological and individual characteristics that can be verified. Biometric systems will play a critical role in the future of security and privacy. Biometric technology is usually based on one or more of the following unique identifiers: 1) fingerprint, 2) voice, 3) face, 4) handprint, 5) iris, 6) retina, 7) signature, 8) DNA, or 9) brainwave. Depending on the context a biometric system can be either a verification (authentication) or an identification system. Verification (am I who I claim to be?) involves confirming or denying a person's claimed identity. Identification (who am I?) is focused on establishing a person's identity. Biometrics can potentially be used to prevent unauthorized access to ATMs, cellular phones, smart cards, desktop PCs, workstations, and computer networks. It can be used during transactions conducted by telephone or Internet, including electronic commerce and electronic banking. Biometrics is playing a crucial role in military security. Biometrics can also replace keys with keyless wireless entry devices for motor vehicles or buildings.
Fingerprint authentication devices have been in use for a number of years. Typically, fingerprint authentication devices use a fingerprint sensor that detects ridges, gaps, and contours within the interstices in the fine lines of a human fingerprint. Generally, this data is conditioned by a computational processing unit that removes random data signals (noise) caused by variations in detection devices and the substrates and filaments that come in contact with a finger. Then a computational process analyzes the resulting data to extract a series of discrete “biometric” features found to be common to most fingerprint data by one researcher or another and found in the data resulting after noise removal. The combination of these discrete biometric features with their attendant qualities and quantities can describe a specific fingerprint. Further, a database may store a series of such biometric readings for multiple individuals. Thus, an individual claiming to be a certain person can place a finger on a fingerprint sensor and a computer can match the biometric data calculated from the person's fingerprint with the biometric data from the claimed identity in the database. A variant of this approach would involve an unknown person who makes no claim to a specific identity. The biometric data from such a person could be compared to a general database of such data for all persons to find a match or a matching group of identities with the same biometric data.
The other serious issue regarding the use of biometric technology is the privacy issue. The extent to which biometrics threaten (or enhance) privacy depends on the use to which they are put. Some uses appear to have the potential for greater privacy threats or enhancements to privacy than others. The actual level of the threat or enhancement will vary according on the particular context. Use of biometrics for authentication may have a low level of privacy risk provided that the authentication system involves the individual knowingly exercising a choice to enroll in a system and the system does not require the authenticating body to hold large amounts of information about an individual except that necessary to establish that the person is who they claim to be. The effectiveness and efficiency of current biometric uses depends on computer technology and electronic devices. This means that most of the privacy risks associated with computer technology also apply to biometric systems. Systems that involve storage of data on, and processing and transmission using, computer technology are subject to hacking and unauthorized access, use and disclosure.
Biometrics has the potential to work as a privacy enhancing technology or a privacy intrusive technology. The impact of the technology depends on, but is not limited to, how it is designed, deployed, collected, stored, managed, and used. Critical factors are whether privacy is built in from early design stages and the extent of choice, openness and accountability. The interaction of privacy and biometrics and potential impacts on privacy through the collection and use of biometric information may include or depend on: the extent of personal information collected and stored in the context of a biometric application; the extent of choice for people about whether to provide biometric information; the fact that biometrics are a powerful identification tool but also can go powerfully wrong; and potential for greater and possibly covert collection of very sensitive information in the course of ordinary transactions. Potential impacts of biometrics and privacy and how they may apply to biometric applications both in the public and private sectors raises considerations such as: bodily privacy in the collection of biometrics; openness and choice in the collection of biometrics; anonymity; potential for data linkage and function creep; and potential for biometric information to act as a universal unique identifier.
All of these considerations have a relevant bearing on how to think about biometrics. Another perspective is that at the same time as the use of biometrics may pose a threat to privacy; there are many possible benefits to individuals, including the possibility of better protection from identity theft and the convenience of not having to remember multiple PINs or passwords. The present invention addresses the earlier mentioned technical challenges while actually enhancing privacy.
A long felt need in the marketplace has been to make biometric authentication technology portable enough to use in applications such as ISO-compliant financial cards, ID cards, or keyless wireless entry devices, all of which tend to be small and/or very thin. The main problems with conventional fingerprint as well as other biometric authentication devices in these type of applications is that the systems are simply too complex in terms of cost, size, energy requirements, and computational power to fit into such a small working space. Relative to such devices the biometric sensors and their accompanying verification algorithms tend to require too much computational complexity, be too large, require too much battery power, and are too expensive. Further, to detect an adequate depth and quantity of characteristics from a fingerprint for reduction to a set of biometrics, the resolution must be relatively dense, requiring high-resolution fingerprint sensors. Both the foregoing are expensive solutions, since costly fingerprint sensors must exist at each place a person's biometric data is to be authenticated, and the act of authentication requires a relatively powerful processing capability to calculate the biometric data. This is essentially a relatively non-portable solution, as the authentication can occur only where there exists adequate processing capabilities and access to an existing and reliable dataset against which to challenge the candidate fingerprint biometrics.
Traditional biometric approaches also have raised security issues in that there is potential for extracting conventional biometric information off of a card to obtain a user's fingerprint information. There is clearly a need for a verification approach that cannot be broken down to yield fingerprint information about the user.
In co-pending U.S. patent application Ser. No. 10/784,556 of this author the need for a highly accurate, secure method that is not computationally intensive and can thus be embedded on an ISO compliant financial card or the like was addressed by a system for personal identity verification that includes at least a computer based enrollment system for training a neural net to obtain neural net weights for a biometric of a user; a carrier, at least one biometric sensor mounted on the carrier, and neural net engine circuitry mounted on said carrier and having stored neural net weights obtained from the computer based enrollment system for the user. The resulting solution allows the development of applications such as ISO-compliant financial cards, ID cards, or keyless wireless entry devices that only require a small, low power neural net chip and enough memory to store the relevant neural net weights associated with a desired biometric.
For systems in which there is not an embedded neural net engine circuitry already included in a carrier such as a circuit board, but there is an embedded microprocessor with memory, there is still a need for a highly efficient and totally secure system for biometric validation. The conceptual framework of co-pending U.S. patent application Ser. No. 10/784,556 is used herein to define a second instant invention to address this need.
What is needed is then an approach that is completely secure, that verifies fingerprints to high accuracy, but does so with a limited amount of software code that can be rapidly transferred into the memory of electronic devices such as personal digital assistants, personal computers, cellular phones, and the like. The instant invention accomplishes that in a novel way. In this patent application such devices will be referred to as electronic devices with microprocessors and internal memory.